UAE to Ban BlackBerrys

The United Arab Emirates -- Dubai, etc. -- is threatening to ban BlackBerrys because they can't eavesdrop on them.

At the heart of the battle is access to the data transmitted by BlackBerrys. RIM processes the information through a handful of secure Network Operations Centers around the world, meaning that most governments can't access the data easily on their own. The U.A.E. worries that because of jurisdictional issues, its courts couldn't compel RIM to turn over secure data from its servers, which are outside the U.A.E., even in a national-security situation, a person familiar with the situation said.

This is a weird story for several reasons:

1. The UAE can't eavesdrop on BlackBerry traffic because it is encrypted between RIM's servers and the phones. That makes sense, but conventional e-mail services are no different. Gmail, for example, is encrypted between Google's servers and the users' computers. So are most other webmail services. Is the mobile nature of BlackBerrys really that different? Is it really not a problem that any smart phone can access webmail through an encrypted SSL tunnel?

The U.A.E. ban, due to start Oct. 11, was the result of the "failure of ongoing attempts, dating back to 2007, to bring BlackBerry services in the U.A.E. in line with U.A.E. telecommunications regulations," the country's Telecommunications Regulatory Authority said Sunday. The ban doesn't affect telephone and text-messaging services.

The U.A.E. wanted RIM to locate servers in the country, where it had legal jurisdiction over them; RIM had offered access to the data of 3,000 clients instead, the person said.

There's no reason to announce the ban over a month before it goes into effect, other than to prod RIM to respond in some way.

3. It's not obvious who will blink first. RIM has about 500,000 users in the UAE. RIM doesn't want to lose those subscribers, but the UAE doesn't want to piss those people off, either. The UAE needs them to work and do business in their country, especially as real estate prices continue to collapse.

4. India, China, and Russia threatened to kick BlackBerrys out for this reason, but relented when RIM agreed to "address concerns," which is code for "allowed them to eavesdrop."

Most countries have negotiated agreements with RIM that enable their security agencies to monitor and decipher this traffic. For example, Russia's two main mobile phone providers, MTS and Vimpelcom, began selling BlackBerrys after they agreed to provide access to the federal security service. "We resolved this question," Vimpelcom says. "We provided access."

The launch of BlackBerry service by China Mobile was delayed until RIM negotiated an agreement that enables China to monitor traffic.

Nevertheless, while RIM has declined to comment on the details of its arrangements with any government, it issued an opaque statement on Monday: "RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers."

How did they do that? Did they put RIM servers in those countries, and allow the government access to the traffic? Did they pipe the raw traffic back to those countries from their servers elsewhere? Did they just promise to turn over any data when asked?

RIM makes a big deal about how secure its users' data is, but I don't know how much of that to believe:

RIM said the BlackBerry network was set up so that "no one, including RIM, could access" customer data, which is encrypted from the time it leaves the device. It added that RIM would "simply be unable to accommodate any request" for a key to decrypt the data, since the company doesn't have the key.

The BlackBerry network is designed "to exclude the capability for RIM or any third party to read encrypted information under any circumstances," RIM's statement said. Moreover, the location of BlackBerry's servers doesn't matter, the company said, because the data on them can't be deciphered without a decryption key.

Am I missing something here? RIM isn't providing a file storage service, where user-encrypted data is stored on its servers. RIM is providing a communications service. While the data is encrypted between RIM's servers and the BlackBerrys, it has to be encrypted by RIM -- so RIM has access to the plaintext.

In any case, RIM has already demonstrated that it has the technical ability to address the UAE's concerns. Like the apocryphal story about Churchill and Lady Astor, all that's left is to agree on a price.

"If you want to eavesdrop on your people, then you ban whatever they're using," said Bruce Schneier, chief security technology officer at BT. "The basic problem is there's encryption between the BlackBerries and the servers. We find this issue all around about encryption."

I hope I wasn't that incoherent during the phone interview.

EDITED TO ADD (8/5): I might have gotten a do-over with Reuters. On a phone interview yesterday, I said: "RIM's carefully worded statements about BlackBerry security are designed to make their customers feel better, while giving the company ample room to screw them." Jonathan Zittrain picks apart one of those statements.

I think the issue with RIM has many angles. The email they can get to, because it is as you said, encrypted between device and RIM servers. After all, if they are sending email to a normal account, that has to go in plaintext before leaving the RIM servers. I think the issue is for Blackberry Messenger and PIN messages. These go from device to device only and are, presumably, encrypted with a private/public key scheme. Access to a PIN number (the ID of the device hardware) gives you access to the public key, while the private key exists only in the device itself. If this is so (I'm not sure it is, as information is scarce), RIM cannot access these messages... But! RIM and the operator may have ways to pair PIN numbers with phone numbers and that may permit some sort of man in the middle attack. But reading all the details of the news I think the reality is that RIM has no access and that the only way to eavesdrop on all Blackberry communication is to put eavesdropping software on the device itself. Perhaps this is something that RIM has offered to some countries? Some sort of code that says if the SIM is from an, let's say, Indian operator then resend all communications to a particular server. The reason this is different from SSL is that the ISP forces itself as a cert authority and creates certificates for the sites they want to eavesdrop, doing a man in the middle attack that is impossible to prevent, though easy to see that it is being performed...

Blackberries are indeed different than other smartphones in that ALL data is tunneled back to their servers and proxied from there. This not only applies to email and messenger, but any other internet traffic to/from the phone.

Me too, as I have no idea what the hell you were talking about. More accurately, it made no sense. That's unusual for you. I wonder if you actually said that or if it's a misquote. I'm leaning on the latter unless you had a major hangover. Perhaps too much wine during a rave restaurant review...? :P

I think some of the confusion comes in because there are two distinct security models for Blackberries depending on if you are running one as a consumer or as part of a corporation. If you have an onsite Blackberry Enterprise Server (BES) at your corporate location that ties into your email server (say Exchange) then that is where the encryption ends. Device activation to the BES includes generating a key pair, one of which lives on the corporate BES and the other on the handheld device. In this instance messages sent from the device are encrypted before going over the air and cannot be decrypted except by the BES. In this instance RIM is only providing the conduit, but no storage or processing. As a consumer you may well be dependent on RIM for processing or storage at which point you are vulnerable to their corporate fickleness.

All that said the folks that I know that work for the DHS have PGP on both their blackberries and their BES servers; so apparently they don’t entirely trust RIM even in the more secure corporate setting.

My understanding is similar to what "csmcolo" said in their post. I have always liked RIM's security solution for enterprise email, where only the enterprise and the phone had the keys. RIM's servers in the middle didn't have access to the content.

I can't imagine how RIM could give UAE access to this without changing the model in a big way. I assume RIM's email for US government employees works in a similar way, but with longer keys and stronger algorithms. I wonder how the UAE issue will affect that.

Most of the comments and the article seem to suggest that the ban is because it's "encrypted" and can't be eavesdropped. In fact that's the justification but in reality some people used the Blackberry to organize some opposition to some issues in the UAE and the government wasn't too happy so now they want to ban it. Given that it's a big business country several things can happen:
1) Blackberry folds and gives the government access to all the communications, and since what they actually want to ban is the use of the device for protest I bet they'll get very easy access.

2) Blackberries are banned and people adopt another phone that will soon be banned as well.

There can always be some economic issues of competitors and such, but it's hard to find out in a country that censors so much.

There are many other aspects to this situation that bear thought of here.

As pointed out, a key value for business is
the ability to have secure communications
when negotiating deals where fractional differences result in billion (dollar or euro) shifts of capital.

Also, world economy control pioneer
Halliburton is now domiciled in Dubai,
along with Blackwater successor or clone entities,
to avoid other states' jurisdictions.

Further, (as pointed out by Don't Hit The PEDs)
Money is a numerical means to transfer access to goods and services,
and/or the exchange of opportunities.

In East Africa and the Yemeni Coast,
because of an absence of any real currency in the post-Soviet Era,
local people have created their own currency base: cell-phone minutes.
These defy most local interference options.
East Africa's economy is at least 1/2 Moslem based.
So we have a tension here, a conflict,
between the East African Moslem economy,
and the information desires of the UAE-SA.
That seems far more profound.

Living in the UAE I strongly support James's theory. Also males and females in the UAE may use the BB for "dating" which is not allowed, as is sex before marriage and various other things. Some of the emirates are totally "dry" while others allow alcohol in hotels and for non-Muslims with a government issued liquor license. Protest and the mixing of the genders is one of the main reasons. People in the UAE know that surveillance is everywhere and the concept of privacy is not according to western standards.

Also: BES might be secure in order to not annoy corporate users and government users but BIS, the poor consumer is not any more protected at all for prying eyes everywhere. And BIS users are probably the main target for the ban.

Recalling the Israeli[-Egyptian] hit on Hamas's main bomb-maker in U.A.E. earlier this year, I bet U.A.E.'s intel, such as it is, thinks the hit men & women used Blackberries' security to evade gov't detection...

...AND that the Blackberry s/w was developed by the Zionist-Capitalist International Cabal!

Churchill: Madam, would you sleep with me for five million pounds?
Socialite: My goodness, Mr. Churchill... Well, I suppose... we would have to discuss terms, of course...
Churchill: Would you sleep with me for five pounds?
Socialite: Mr. Churchill, what kind of woman do you think I am?!
Churchill: Madam, we've already established that. Now we are haggling about the price.

The UAE-bashers here might just get real for a moment: do you really think any Western intel service would accept use of Blackberry on their territory if they couldn’t read the messages? Of course they can. They’re getting the plain-text of your messages from somewhere, probably via a back-door that they’ve forced RIM to put in. 100% privacy? Don’t make me laugh, it hurts.

As Bruce quoted, “Most countries have negotiated agreements with RIM that enable their security agencies to monitor and decipher this traffic.” The UAE just wants the same as everyone else. Why not?

Methinks Blackberry has already provided access to communications flowing through its servers, at least to the Indian intelligence agencies, but they want access to communications originating from enterprises as well.

RIM consider their corporate customers their life-blood. If they couldn't guarantee corporate security, many (all?) corporate security folks would repeal their approval of the technology and recommend in-house solutions.

I think the DHS PGP comment above is rather telling though, the DHS doesn't "trust" that foreign governments could access their data :-)

I suspect that RIM merely works as a transit for the messages between the corporate exchange servers and the device. So encryption is being done at the exchange server. I would also suspect it is trivial to eavesdrop, as one could "force" up a fake root certificate, then use that to intercept the connections. Unless, of course, the device and exchange server share a secret key, negotiated at first sync. Then the only way to eavesdrop would be to intercept the initial key setup.

Personally, I'm tired of EVERY government feeling like they deserve secretive access and back doors to all the data I store in the 21st century. This and other stories like it serve as a warning: if you have personal data that will leave your possession even for a moment, make sure it will be encrypted.

I really have no idea why everything going digital means suddenly every government is exempt from respecting your privacy, but I do know we can deny them that privilege with a little effort.

Blackberry is already folding. As I mentioned above, this was the likely result. Although some article online suggested that Blackberry's business depends on security, I don't think anyone correlates the two words. Their business depends on the number of customers. Just like the truth is the first casualty of war, so is security the first casualty of business. The user's comfort and money always come first, never mind the long-term consequences.

The reason to announce the ban months in advance is to allow time for businesses to replace the devices and ISPs to offer alternatives. The two state ISPs are offering free equivalent handsets. iPhone, Nokia N97 etc.

RIM's push email message transfer almost as fast as SMS, and the device has an excellent user interface. It is used much more than email on other smartphones. So yes, the mobile nature of Blackberry is very different from accessing regular mail. Hence it was targeted.

*Dubai* doesn't want to piss people off. Abu Dhabi (the capital) couldn't care less. They have most of the oil wealth of the UAE to not depend on foreign businesses or local real estate. This decision is almost certainly by Abu Dhabi. They bailed Dubai out after the financial crisis to the tune of tens of billions of dollars, so Dubai has to acquiesce to their requests.

There's actually no reason to suspect that the singling out of the Blackberry is anything other than ignorance, stupidity and the popularity of the devices. On my Android phone, I can configure the email client to talk over SSL. I can also configure the device so that ALL the data transfers go via a virtual private network link. Effectively, with a bit of trouble I can make the data comms of an Android phone effectively unreadable to an eavesdropper in the country I happen to be in, or anywhere between the phone and the VPN endpoint.

All that RIM do is make this data encryption seamless and effortless for the user; this combined with a sudden popularity of the devices is probably what has brought about the ban. I would expect the UAE authorities to get extremely scared if you were to sit down with them and explain what modern encryption can do in exact and precise detail; I expect that the political masters have been subjected to the mushroom treatment (keep 'em in the dark and feed 'em bullsh*t) for quite a long time, and fondly imagine that their security services can eavesdrop on everything which talks electronically inside their country.

A parallel to this can be seen with the UK's Regulation of Investigatory Powers Act, which forces persons suspected of crimes to provide the authorities with access to decrypted versions of encrypted volumes, on pain of a few years imprisonment. The Act is typical of the UK's previous Labour government in that it is authoritarian, ignores inconvenient facts like how to prove that a file is encrypted data and not random garbage, and makes no provision for nested encrypted volumes and ssh session keys (which are kept only in memory and discarded when the link terminates). The RIP Act is the product of fear and profound stupidity on the part of a Government, and a bludgeoningly stupid insistence on ignoring the laws of physics when these conflict with the will of the legislators.

As @MemValdal says, SSL can be sniffed via MITM. And I know for a fact U.A.E. does this. They were in testing phase over 2 years ago. ISPs have a requirement to do it in order to be in business. If Blackberry servers don't use SSL, they would have to devise another way to decrypt the traffic.

csmcolo has this right. If you or your company run your BES server, only YOUR BlackBerry and YOUR BES have the private keys, so it's not possible (or practical) for anyone, RIM, government, carrier, ISP, anyone, to sniff the traffic in between your BES and your device. RIM does not have the keys or the plaintext.

If they're using BIS, they're using RIM's own services, and RIM would indeed have the keys and the plaintext.

I'm a little surprised Bruce didn't research this better - most unlike him.

While there exist browser plugins to alert on change in the SSL cert, how many people bother to use them or even know about them? And I am talking about users who are not information security professionals and simply don't understand how SSL works.
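One way to implement the certificate-change alert this comment mentions, as an added example that is not part of the original comment or of any real plugin: a trust-on-first-use pin check in Python. `PinStore`, `fetch_leaf_der`, the host name and the two byte strings standing in for certificates are hypothetical and constructed for illustration.

```python
import hashlib
import json
import ssl
from pathlib import Path

# Constructed stand-ins for DER-encoded certificates (not real certificates).
ORIGIN_CERT = b"constructed DER bytes: leaf issued by the site's usual CA"
PROXY_CERT = b"constructed DER bytes: leaf minted by an intercepting CA"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a server presents right now (needs network).

    ssl.get_server_certificate() does not validate the chain, which is what
    we want here: the goal is to record what was presented, trusted or not.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Trust-on-first-use pins: 'host:port' -> fingerprint first observed."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    @staticmethod
    def _key(host, port):
        return f"{host.lower().rstrip('.')}:{port}"

    def check(self, host, port, der):
        """Return 'first-seen', 'match' or 'changed'; never re-pins on change."""
        key = self._key(host, port)
        seen = fingerprint(der)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen
            self._save()
            return "first-seen"
        return "match" if pinned == seen else "changed"

    def accept(self, host, port, der):
        """Re-pin after the new certificate was verified out of band."""
        self.pins[self._key(host, port)] = fingerprint(der)
        self._save()


def demo():
    """Replay a constructed sequence of observations for one host."""
    store = PinStore()  # in-memory; pass a file path to persist pins
    host = "webmail.example.test"  # hypothetical host name
    return [
        store.check(host, 443, ORIGIN_CERT),          # first visit
        store.check(host.upper(), 443, ORIGIN_CERT),  # same cert, same pin
        store.check(host, 443, PROXY_CERT),           # a different cert appears
        store.check(host, 443, PROXY_CERT),           # still flagged, pin untouched
        store.check(host, 443, ORIGIN_CERT),          # original cert again
    ]


if __name__ == "__main__":
    print(demo())
```

A legitimate renewal reports `changed` as well, so confirm the new fingerprint over a separate channel before calling `accept`. A first visit made over an already intercepted path pins the substituted certificate.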

Guys, you talk about root certs forged by CAs forced by government and, obviously, for "users who are not information security professionals and simply don't understand how SSL works", everything is possible.

Do you really know an easy way to perform MITM attack on correctly used SSL, using your own CA, not the external one?

@Hen there is no simple way to do MITM on SSL, but the easiest way to get data is to trick user (social engineering) and install backdoor on the system. Backdoor would hook browser and read info before it's encrypted and sent with SSL ;)

Perhaps RIM has the capability to make Blackberries encrypt messages to a second key? Apple and Google can both brick your phone or kill apps on your iPhone or Nexus One, presumably manufacturers can make other modifications to your phone over the air without your permission as well. It's just software.

I don't see how RIM can continue to sell their enterprise server without explaining how they have 'addressed concerns' of governments that want to eavesdrop.

The fact is that Research in Motion’s (RIM) pious proclamations of needing to protect its customers (thus implying “foreign” government repression) wear thin when you realise that RIM (and all other providers) have been happily and secretly supplying encryption keys to western governments all along, a fact confirmed by Bruce Schneier, a renowned global security expert. Ironically, Mr Schneier himself now works for one such provider, BT.

Bruce, How does British Telecom monitor and deal with suspect data transfer through Blackberry? Can you throw some light on the strength of encryption and difficulties in monitoring and decrypting signal between a device and server?

I'm confused. We have email which is not encrypted except between the BB and the BES. We have PINs and BB messaging (is that right.. it's two years since I ditched my BB).
PINs are stored by BB and have always been available by court order. I base this comment on a Canadian case about three years ago in which the head of CIBC World Markets left on bad terms and started his own company. He poached former colleagues via BB pins and, surprise, saw these pins show up in court when he was sued by his former employer. Here is a link with more detail: http://www.heydary.com/publications/blackberry-pin-monitoring.html

@:RIM had offered access to the data of 3,000 clients instead, the person said.

That is the part that I find most troubling. You cannot depend on any company to protect you when it comes down to a choice between your life and a few dollars profit. Ford/Firestone comes to mind. McAfee and Norton have both publicly stated they would not report trojans created by the US government. RIM sells out users in oppressive states where they can be beheaded. Microsoft and Google sell out protesters in China.

If you want security for person-to-person communication of any kind - whether email, IM, or other, you need to use a system similar to one I designed a few years ago where keys are passed using a token passing system for encrypting and passing the AES encryption keys. The keys are generated by the client on each side of the conversation. Then the AES keys of both sides of the conversation are combined into a single key to use during the conversation. New keys are generated the next session and every session between different pairs of talkers has a different key combination. If my conversation with Mary is cracked and Bill's conversation with Jane is cracked, that does not mean that my conversation with Bill is cracked.

Could it be that SSL is transparent and effectively all internet traffic protected with SSL is "laid bare" to the UAE Authorities (and other countries) for them to inspect while the proprietary Blackberry is not intercept-able?

Why is there not a ban on all SSL websites by the UAE? Could I not use my bank website's instant message system (protected by SSL and hosted on an out-of jurisdiction server) for subversive communications?

From someone who argues against FUD, I can't believe you're commenting on something without even bothering to look at a simple webpage. The WSJ article that you link to clearly mentions that their statement applies to Blackberry's enterprise products.

To quote you:
"While the data is encrypted between RIM's servers and the BlackBerrys, it has to be encrypted by RIM -- so RIM has access to the plaintext." Just glancing at the above link would have shown you that data is encrypted between the Blackberry enterprise server which is run by the company using it, not by RIM. It saddens me to see a respected security advocate attacking a device which tries to put security first without even bothering to look at facts. Or is it that stating that the setup looks fairly good for enterprises, would have gotten you less media coverage?

I believe the reference is to the banter between Churchill and a lady who put a high price on her morality.

It's not quite clear that RIM doesn't have access to the keys. I quote: "The master encryption key is unique to the BlackBerry device. To send and receive messages, all master encryption keys stored on the BlackBerry Enterprise Server and the BlackBerry device must match. If the stored keys do not match, the BlackBerry device or the BlackBerry Enterprise Server cannot decrypt and must therefore discard messages that they receive." ("Blackberry Security Technical Overview", p.9, http://na.blackberry.com/eng/ataglance/security/features.jsp)

Maybe I am missing something but why doesn't UAE, Saudi Arabia etc. have issues with the iPhone? Seems to me SMS on the iPhone is point to point and hard to intercept and monitor except at the end points. Seems Blackberry is a target just because it does have something that sits in the middle.